Difference between revisions of "Same-origin policy"

From Wiki @ Karl Jones dot com

Latest revision as of 18:03, 24 April 2016

In computing, the same-origin policy is an important concept in the web application security model.

Description

Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin.

An origin is defined as a combination of URI scheme, hostname, and port number.

This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.
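The origin comparison described above, as an added example that is not part of the original wiki page: it builds the (scheme, host, port) tuple for a URL and applies the same-origin test to a few constructed URL pairs, including the default-port case, which the WHATWG URL class normalises.

```javascript
// Added example (not from the wiki page): derive the origin tuple
// (scheme, host, port) the same-origin policy compares, and decide
// whether two URLs share an origin. The URL class reports "" for a
// scheme's default port, so that case is filled in explicitly.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol.replace(/:$/, ""), host: u.hostname, port };
}

// Same origin means all three components match; path, query,
// fragment and userinfo are ignored.
function sameOrigin(a, b) {
  const oa = originOf(a), ob = originOf(b);
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Constructed sample pairs: [url A, url B, expected sameOrigin result].
const SAMPLE_PAIRS = [
  ["http://www.example.com/dir/page.html", "http://www.example.com/other/page2.html", true],
  ["http://www.example.com/", "http://www.example.com:80/", true],    // 80 is the http default
  ["http://www.example.com/", "https://www.example.com/", false],    // scheme differs
  ["http://www.example.com/", "http://www.example.com:8080/", false], // port differs
  ["http://www.example.com/", "http://api.example.com/", false],     // host differs (subdomain)
];

// Returns one boolean per pair: true when sameOrigin agrees with the expectation.
function checkSamples() {
  return SAMPLE_PAIRS.map(([a, b, expected]) => sameOrigin(a, b) === expected);
}
```

Run with Node; `checkSamples()` returns `[true, true, true, true, true]` for the pairs above.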

Cookies

This mechanism is particularly significant for modern web applications that depend heavily on HTTP cookies to maintain authenticated user sessions, because servers act on the cookie information they receive to reveal sensitive information or to take state-changing actions.

Strict separation between unrelated sites

A strict separation between content provided by unrelated sites must be maintained on the client side to prevent the loss of data confidentiality or integrity.

See also

External links